package com.cskaoyan.config;

import com.cskaoyan.config.shiro.CustomAuthenticator;
import com.cskaoyan.config.shiro.CustomSessionManager;
import com.cskaoyan.realm.AdminRealm;
import com.cskaoyan.realm.UserRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.LinkedHashMap;

/**
 * @author wangdezhao
 * @date 2021/6/6
 * @description
 */

@Configuration
public class ShiroConfig {

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

//认证失败后重定向的url
//        shiroFilterFactoryBean.setLoginUrl("/unauthc");
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        LinkedHashMap<String, String> filterMap = new LinkedHashMap<>();
        // 后台管理页面
//        filterMap.put("/admin/auth/login", "anon");
        filterMap.put("/admin/auth/login", "anon");
        filterMap.put("admin/auth/info", "anon");
//        filterMap.put("admin/auth/*", "anon");

        // wx 页面
        filterMap.put("/wx/**", "anon");


        // 数据库监控
        filterMap.put("/druid/**", "anon");

        // 其他
        filterMap.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);

        return shiroFilterFactoryBean;
    }


    //shiro核心组件 SecurityManager
    @Bean
    public DefaultWebSecurityManager securityManager(AdminRealm adminRealm, UserRealm userRealm,
                                                     DefaultWebSessionManager webSessionManager,
                                                     CustomAuthenticator authenticator) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(adminRealm);
        defaultWebSecurityManager.setRealm(userRealm);
        defaultWebSecurityManager.setSessionManager(webSessionManager);
        defaultWebSecurityManager.setAuthenticator(authenticator);
        return defaultWebSecurityManager;
    }

    /*
     * 声明式鉴权 注解需要的组件
     * */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    public DefaultWebSessionManager webSessionManager() {
        CustomSessionManager customSessionManager = new CustomSessionManager();

        //删除过期session
        customSessionManager.setDeleteInvalidSessions(true);
        //设置session 过期时间
        customSessionManager.setGlobalSessionTimeout(7 * 24 * 60 * 60 * 1000);
        customSessionManager.setSessionValidationSchedulerEnabled(true);
        return customSessionManager;
    }

    /**
     * 整合realms
     *
     * @param adminRealm
     * @param userRealm
     * @return
     */
    @Bean
    public CustomAuthenticator authenticator(AdminRealm adminRealm, UserRealm userRealm) {
        CustomAuthenticator customAuthenticator = new CustomAuthenticator();
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(userRealm);
        customAuthenticator.setRealms(realms);
        return customAuthenticator;
    }
}
